Change the default value for config option FTicksMac.
authorLinus Nordberg <linus@nordu.net>
Sat, 8 Oct 2011 13:24:07 +0000 (15:24 +0200)
committerLinus Nordberg <linus@nordu.net>
Sat, 8 Oct 2011 13:24:07 +0000 (15:24 +0200)
fticks.c
radsecproxy.conf-example
radsecproxy.conf.5.xml
radsecproxy.h

index f8b4c20..0918aa5 100644 (file)
--- a/fticks.c
+++ b/fticks.c
@@ -17,55 +17,61 @@ fticks_configure(struct options *options,
     const char *reporting = (const char *) *reportingp;
     const char *mac = (const char *) *macp;
 
-    if (reporting == NULL)
-       goto out;
-    if (strcasecmp(reporting, "None") == 0)
-       options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
-    else if (strcasecmp(reporting, "Basic") == 0)
-       options->fticks_reporting = RSP_FTICKS_REPORTING_BASIC;
-    else if (strcasecmp(reporting, "Full") == 0)
-       options->fticks_reporting = RSP_FTICKS_REPORTING_FULL;
-    else {
-       debugx(1, DBG_ERR, "config error: invalid FTicksReporting value: %s",
-              reporting);
-       r = 1;
-       goto out;
+    /* Set defaults.  */
+    options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
+    options->fticks_mac = RSP_FTICKS_MAC_VENDOR_KEY_HASHED;
+
+    if (reporting != NULL) {
+       if (strcasecmp(reporting, "None") == 0)
+           options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
+       else if (strcasecmp(reporting, "Basic") == 0)
+           options->fticks_reporting = RSP_FTICKS_REPORTING_BASIC;
+       else if (strcasecmp(reporting, "Full") == 0)
+           options->fticks_reporting = RSP_FTICKS_REPORTING_FULL;
+       else {
+           debugx(1, DBG_ERR,
+                  "config error: invalid FTicksReporting value: %s",
+                  reporting);
+           r = 1;
+       }
     }
 
-    if (mac == NULL)
-       goto out;
-    if (strcasecmp(mac, "Static") == 0)
-       options->fticks_mac = RSP_FTICKS_MAC_STATIC;
-    else if (strcasecmp(mac, "Original") == 0)
-       options->fticks_mac = RSP_FTICKS_MAC_ORIGINAL;
-    else if (strcasecmp(mac, "VendorHashed") == 0)
-       options->fticks_mac = RSP_FTICKS_MAC_VENDOR_HASHED;
-    else if (strcasecmp(mac, "VendorKeyHashed") == 0)
-       options->fticks_mac = RSP_FTICKS_MAC_VENDOR_KEY_HASHED;
-    else if (strcasecmp(mac, "FullyHashed") == 0)
-       options->fticks_mac = RSP_FTICKS_MAC_FULLY_HASHED;
-    else if (strcasecmp(mac, "FullyKeyHashed") == 0)
-       options->fticks_mac = RSP_FTICKS_MAC_FULLY_KEY_HASHED;
-    else {
-       debugx(1, DBG_ERR, "config error: invalid FTicksMAC value: %s", mac);
-       r = 1;
-       goto out;
+    if (mac != NULL) {
+       if (strcasecmp(mac, "Static") == 0)
+           options->fticks_mac = RSP_FTICKS_MAC_STATIC;
+       else if (strcasecmp(mac, "Original") == 0)
+           options->fticks_mac = RSP_FTICKS_MAC_ORIGINAL;
+       else if (strcasecmp(mac, "VendorHashed") == 0)
+           options->fticks_mac = RSP_FTICKS_MAC_VENDOR_HASHED;
+       else if (strcasecmp(mac, "VendorKeyHashed") == 0)
+           options->fticks_mac = RSP_FTICKS_MAC_VENDOR_KEY_HASHED;
+       else if (strcasecmp(mac, "FullyHashed") == 0)
+           options->fticks_mac = RSP_FTICKS_MAC_FULLY_HASHED;
+       else if (strcasecmp(mac, "FullyKeyHashed") == 0)
+           options->fticks_mac = RSP_FTICKS_MAC_FULLY_KEY_HASHED;
+       else {
+           debugx(1, DBG_ERR,
+                  "config error: invalid FTicksMAC value: %s", mac);
+           r = 1;
+       }
     }
 
-    if (*keyp == NULL
-       && (options->fticks_mac == RSP_FTICKS_MAC_VENDOR_KEY_HASHED
-           || options->fticks_mac == RSP_FTICKS_MAC_FULLY_KEY_HASHED)) {
+    if (*keyp != NULL) {
+       options->fticks_key = *keyp;
+       if (options->fticks_mac != RSP_FTICKS_MAC_VENDOR_KEY_HASHED
+           && options->fticks_mac != RSP_FTICKS_MAC_FULLY_KEY_HASHED)
+           debugx(1, DBG_WARN, "config warning: FTicksKey not used");
+    }
+    else if (options->fticks_reporting != RSP_FTICKS_REPORTING_NONE
+            && (options->fticks_mac == RSP_FTICKS_MAC_VENDOR_KEY_HASHED
+                || options->fticks_mac == RSP_FTICKS_MAC_FULLY_KEY_HASHED)) {
        debugx(1, DBG_ERR,
-              "config error: FTicksMAC %s requires an FTicksKey", mac);
-       options->fticks_mac = RSP_FTICKS_MAC_STATIC;
+              "config error: FTicksMAC values VendorKeyHashed and "
+              "FullyKeyHashed require an FTicksKey");
+       options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;
        r = 1;
-       goto out;
     }
 
-    if (*keyp != NULL)
-       options->fticks_key = *keyp;
-
-out:
     if (*reportingp != NULL) {
        free(*reportingp);
        *reportingp = NULL;
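Review bot: The new error branch (the `else if` that fires when a keyed FTicksMAC is in effect without an FTicksKey) forces `fticks_reporting` back to None but leaves `options->fticks_mac` at VendorKeyHashed/FullyKeyHashed with `options->fticks_key` still NULL; that is only safe if every caller treats `r != 0` as fatal, which the hunk cannot show. Resetting the MAC mode in the same branch, `options->fticks_mac = RSP_FTICKS_MAC_STATIC;` next to `options->fticks_reporting = RSP_FTICKS_REPORTING_NONE;`, would make the fail-closed state self-contained, or a comment above `fticks_configure` should state that a non-zero return must abort startup. The hunk also drops the `out:` label at old line 70 while keeping the cleanup block after it; if any `goto out` survives in the part of the function before this hunk, the file will no longer compile, so that is worth confirming. fticks_configure starts before the hunk and its cleanup continues past it.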
index 909356c..2c1b35b 100644 (file)
 # fticksVISCOUNTRY option.
 
 # You can optionally specify FTicksMAC in order to determine if and
-# how Calling-Station-Id is logged.
+# how Calling-Station-Id (users Ethernet MAC address) is being logged.
 #   Static          -- Use a static string as a placeholder for
-#                      Calling-Station-Id.  This is the default.
+#                      Calling-Station-Id.
 #   Original        -- Log Calling-Station-Id as-is.
 #   VendorHashed    -- Keep first three segments as-is, hash the rest.
-#   VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key.
+#   VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key.    This
+#                     is the default.
 #   FullyHashed     -- Hash the entire string.
 #   FullyKeyHashed  -- Like FullyHashed but salt with F-Ticks-Key.
 
index 7fef19c..993eb44 100644 (file)
@@ -176,13 +176,17 @@ blocktype name {
            The FTicksReporting option is used to enable F-Ticks
            logging and can be set to <literal>None</literal>,
            <literal>Basic</literal> or <literal>Full</literal>.  Its
-           default value is <literal>None</literal>.
+           default value is <literal>None</literal>.  If
+           FTicksReporting is set to anything other than
+           <literal>None</literal>, note that the default value for
+           FTicksMAC is <literal>VendorKeyHashed</literal> which
+           needs FTicksKey to be set.
          </para>
          <para>
            See <literal>radsecproxy.conf-example</literal> for
            details.  Note that radsecproxy has to be configured with
-           support for F-Ticks (<literal>--enable-fticks</literal>)
-           for this option to have any effect.
+           F-Ticks support (<literal>--enable-fticks</literal>) for
+           this option to have any effect.
          </para>
        </listitem>
       </varlistentry>
@@ -192,23 +196,31 @@ blocktype name {
         <listitem>
          <para>
            The FTicksMAC option can be used to control if and how
-           Calling-Station-Id is being logged.  It can be set to one
-           of <literal>Static</literal>,
-           <literal>Original</literal>,
+           Calling-Station-Id (the users Ethernet MAC address) is
+           being logged.  It can be set to one of
+           <literal>Static</literal>, <literal>Original</literal>,
            <literal>VendorHashed</literal>,
            <literal>VendorKeyHashed</literal>,
            <literal>FullyHashed</literal> or
            <literal>FullyKeyHashed</literal>.
          </para>
          <para>
-           The default value for FTicksMAC is <literal>Static</literal>.
-           Before chosing any of <literal>Original</literal>
+           The default value for FTicksMAC is
+           <literal>VendorKeyHashed</literal>.  This means that
+           FTicksKey has to be set.
+         <para>
+           Before chosing any of <literal>Original</literal>,
+           <literal>FullyHashed</literal> or
+           <literal>VendorHashed</literal>, consider the implications
+           for user privacy when MAC addresses are collected.  How
+           will the logs be stored, transferred and accessed?
+         </para>
          </para>
          <para>
            See <literal>radsecproxy.conf-example</literal> for
            details.  Note that radsecproxy has to be configured with
-           support for F-Ticks (<literal>--enable-fticks</literal>)
-           for this option to have any effect.
+           F-Ticks support (<literal>--enable-fticks</literal>) for
+           this option to have any effect.
          </para>
        </listitem>
       </varlistentry>
@@ -223,8 +235,8 @@ blocktype name {
            option.
          </para>
          <para>
-           Note that radsecproxy has to be configured with support
-           for F-Ticks (<literal>--enable-fticks</literal>) for this
+           Note that radsecproxy has to be configured with F-Ticks
+           support (<literal>--enable-fticks</literal>) for this
            option to have any effect.
          </para>
        </listitem>
index f7cc570..08e98b2 100644 (file)
@@ -45,10 +45,10 @@ enum rsp_fticks_reporting_type {
 };
 
 enum rsp_fticks_mac_type {
-    RSP_FTICKS_MAC_STATIC = 0, /* Default.  */
+    RSP_FTICKS_MAC_STATIC = 0,
     RSP_FTICKS_MAC_ORIGINAL,
     RSP_FTICKS_MAC_VENDOR_HASHED,
-    RSP_FTICKS_MAC_VENDOR_KEY_HASHED,
+    RSP_FTICKS_MAC_VENDOR_KEY_HASHED, /* Default.  */
     RSP_FTICKS_MAC_FULLY_HASHED,
     RSP_FTICKS_MAC_FULLY_KEY_HASHED
 };